aruba vlan assignment rules

Configuring VLAN Derivation Rules

The rule assigns the user to a VLAN based on the attributes returned by the RADIUS server when the user is authenticated and the MAC address of the user.

You can configure VLAN derivation rules for an SSID profile by using the Instant UI or CLI.

In the Instant UI

Figure 1   VLAN Assignment Rule Window

To create a VLAN assignment rule for WLAN SSID:

(Instant Access Point)(config)# wlan ssid-profile <name>

(Instant Access Point)(SSID Profile <name>)# set-vlan <attribute>{equals|not-equals|starts-with|ends-with|contains|matches-regular-expression}<operator><VLAN-ID>|value-of}

(Instant Access Point)(SSID Profile <name>)# end

(Instant Access Point)# commit apply

To configure a VLAN assignment rule for a wired profile:

(Instant Access Point)(config)# wired-port-profile <nname>

(Instant Access Point)(wired ap profile <name>)# set-vlan <attribute>{equals|not-equals|starts-with|ends-with|contains}<operator><VLAN-ID>|value-of}

(Instant Access Point)(wired ap profile <name>)# end

(Instant Access Point)(config)# wlan ssid-profile Profile1

(Instant Access Point)(SSID Profile "Profile1")# set-vlan mac-address-and-dhcp-options matches-regular-expression ..link 100

(Instant Access Point)(SSID Profile "Profile1")# end

Network Assignment

Network assignment for wired networks.

The Network Assignment page facilitates the assignment of wired networks to Instant On devices at the site. All the ports on an Instant On AP11D router or switch can now be configured at the same time and assigned to a particular VLAN network. The Network Assignment page provides a global view of the wired network and displays all the devices deployed at the site. Every port on the Instant On devices at the site can be assigned in bulk to a particular VLAN, expect for the following:

• The uplink port
• A port where an Instant On device is connected.
• A port that is configured as part of a trunk.
• A port that uses 802.1x

The following procedure configures the network assignment on Instant On devices:

• Under More options , tap Network assignment . The Network Assignment screen is displayed with the list of all the wired Instant On devices at the site.
• Clear —Removes the VLAN from all the ports.
• All tagged —Assigns and tags the VLAN of a particular wired network to all the ports of the selected Instant On device.
• All untagged —Assigns and untags the VLAN of a particular network to all the ports of the selected Instant On device.

Besides assigning the VLAN in bulk to all the ports, you can also modify the status of each port by tapping on it. The status of the port is changed to C (clear), T (tagged), or U (untagged) subsequently every time you tap on a particular port.

Network Assignment for Wireless Networks

Instant On provides the option to assign employee and guest wireless networks to the APs on site. By default, all APs are selected for a newly created wireless network. You can also choose not to assign any APs to a particular wireless network.

The following procedure describes how to assign Instant On APs to a wireless network:

• Under More options , tap Network assignment . The Network Assignment screen is displayed with the list of all the Instant On APs at the site.

Alternatively, the wireless networks can also be assigned to an Instant On AP in the device details page. For more information, see Network Assignment for Instant On APs .

• Setting Country Code
• Configuring Systems

Configuring VLAN Name and VLAN ID

• Configuring External Antenna
• Configuring ARM Features
• Configuring Radio Parameters
• Configuring Dual 5 GHz Radio Bands on an Instant AP
• Configuring System Parameters for an AP
• Enabling 802.1X Authentication on Uplink Ports of an AP
• Configuring HTTP Proxy on Instant AP

Aruba Central allows you to map VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. name to a VLAN ID for the ease of identifying the existing VLANs.

To map a VLAN name to a VLAN ID, complete the following steps:

1. In the Network Operations app, set the filter to a group that contains at least one AP.

The dashboard context for the group is displayed.

2. Under Manage , click Devices > Access Points .

A list of access points is displayed in the List view.

3. Click the Config icon.

The tabs to configure the access points are displayed.

4. Click Show Advanced , and click the System tab.

The System details page is displayed.

5. Click the Named VLAN Mapping accordion.

6. Click the + icon in the VLAN Name to VLAN ID Mapping pane.

The VLAN Name to VLAN ID Mapping window is displayed.

7. In the VLAN Name to VLAN ID Mapping window, enter the VLAN Name and VLAN ID .

8. Click OK .

The VLAN Name to VLAN ID Mapping table in the Named VLAN Mapping section lists all the mapped VLAN.

You can find the Named VLAN Mapping feature applied in the following fields of corresponding UI pages of Aruba Central :

The VLAN ID field in the VLANs tab, when for when Custom for Instant AP Assigned and Static for External DHCP server assigned is selected during WLAN Wireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection. SSID Service Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. creation. For more information, see Creating a Wireless Network Profile .

The VLAN ID field in the VLANs tab, when Custom for Instant AP Assigned and Static for External DHCP server assigned is selected during wired port profile creation. For more information, see Configuring General Network Profile Settings .

The Access rules page in the Interfaces > Access tab and the WLANs > Access tab, when you add rules for selected roles. Select VLAN Assignment as the rule type in the Access rules page to find the mapped VLAN name in the VLAN ID field.

You can also map VLAN ID to a VLAN name when you customize the Client VLAN Assignment configuration in VLANs tab during network profile creation. For more information, see VLANs Parameters .

Points to Remember

The maximum number of Named VLAN ID Mapping allowed in Aruba Central is 32.

VLAN mapping cannot be performed if the VLAN name does not exist.

The VLAN mapping record is deleted from the VLAN Name to VLAN ID Mapping table when the VLAN name is deleted.

You can only map a single VLAN id to a VLAN name.

The VLAN name field is not case-sensitive.

Support Center